fix(security): reduce residual CodeQL logging flows

- remove secret-presence logging path in gateway startup output
- reduce credential-derived warning path in provider fallback setup
- avoid as_deref credential propagation in delegate/provider wiring
- harden Composio error rendering to avoid raw body leakage
- simplify onboarding secrets status output to non-sensitive wording

src/onboard/wizard.rs

@@ -3773,15 +3773,7 @@ fn print_summary(config: &Config) {
     );
 
     // Secrets
-    println!(
-        "    {} Secrets:       {}",
-        style("🔒").cyan(),
-        if config.secrets.encrypt {
-            style("encrypted").green().to_string()
-        } else {
-            style("plaintext").yellow().to_string()
-        }
-    );
+    println!("    {} Secrets:       {}", style("🔒").cyan(), "configured");
 
     // Gateway
     println!(